
Attack Surface Reduction for Web Services based on Authorization Patterns

Steinegger, Roland H.; Schäfer, Johannes; Vogler, Max; Abeck, Sebastian

Abstract:
During the design of a security architecture for a web application, the use of security patterns can help fulfil quality attributes such as reusability or safety. The attack surface is a common indicator for the safety of a web application, so reducing it is a design-time problem. Today's methods for attack surface reduction are not connected to security patterns and have an unknown impact on quality attributes, e.g., they may come with an undesirable trade-off in functionality. This paper introduces a systematic and deterministic method to reduce the attack surface of web services by deriving service interface methods from authorization patterns. We applied the method to the Participation Service, which is part of the KIT Smart Campus system. The resulting RESTful web services of the application are presented and validated.


Affiliated institution(s) at KIT: Institut für Telematik (TM)
Publication type: Conference proceedings paper
Year: 2014
Language: English
Identifiers: ISBN: 978-1-61208-376-6
ISSN: 2162-2116
URN: urn:nbn:de:swb:90-502514
KITopen ID: 1000050251
Published in: SECURWARE 2014, The Eighth International Conference on Emerging Security Information, Systems and Technologies, November 16 - 20, 2014, Lisbon, Portugal. Ed.: R. Falk
Publisher: IARIA, Wilmington
Pages: 194-201
Keywords: security pattern, attack surface, authorization, web service, rest